Security Problems and Issues for Data Forwarding in Ad-Hoc Wireless Sensor Networks
P.K. Singh and Narendra Pal Singh*
Department of Computer Science and Engineering, Madan Mohan Malaviya Engineering College, Gorakhpur-273010, India
*Corresponding Author E-mail: narenmmmec@g.mail.com
ABSTRACT:
Security is an essential part of wired and wireless network communication. Interestingly enough, these systems are designed to provide open access across vast networked environments. Today’s technologies are usually network-operation-intrusive, i.e. they often limit connectivity and inhibit easier access to data and services. With the increasing popularity of wireless networks, the security issue for end users could be even more serious than we expect. In wireless communication technology, a new networking technique, the ad-hoc wireless sensor network, is currently under research. It has drawn much attention from researchers and users in recent years because it provides several application scopes for users and major challenges for researchers. Technical publications and conferences focusing on WSN technology and applications are commonplace. Research, development, and manufacturing of these networks are thriving. Many applications for WSNs have been proposed, but few are operational, and many technical issues about WSNs remain to be solved by researchers. In this paper we present a summary of the security mechanisms, issues and problems of current WSN technology. Of primary importance, the security issues facing WSNs are many and varied.
KEYWORDS: Ad-hoc network, wireless network, sensor node, routing, security, attack.
INTRODUCTION:
Ad-hoc is actually a Latin word that means "for this purpose." In computer networking, an ad hoc network refers to a network connection established for a single session and does not require a router or a wireless base station. A wireless ad-hoc sensor network [1] consists of a number of sensors spread over a geographical area. Each sensor has wireless communication capability and some level of intelligence for signal processing and networking of the data. Some examples of wireless ad hoc sensor networks are the following:
(a) Military sensor networks to detect and gain as much information as possible about enemy movements, explosions, and other phenomena of interest and to detect and characterize Chemical, Biological, Radiological, Nuclear, and Explosive (CBRNE) attacks and material.
(b) Wireless traffic sensor networks to monitor vehicle traffic on highways or in congested parts of a city.
(c) Wireless surveillance sensor networks for providing security in shopping malls, parking garages, and other facilities.
Basic features of Ad-hoc sensor networks are shown in table-1.
Table-1. Features of Ad-hoc sensor networks
Features | Ad-hoc Sensor networks
Main Aim | Prolonging the life of the network through aggressive energy management, to prevent connectivity degradation.
Redundancy in data | Sometimes
Mobility | Limited
Traffic | Statistical and Multimedia
Energy deficient | Yes, it is of primary importance
Data rate | Low [1-1000 kbps]
Flow of data | Mostly unidirectional [sensor to sink]
Bandwidth deficient | Sometimes
Decentralized control | Yes
Basic features of Routing protocol | Loop free, energy and bandwidth efficient, secure and distributed in nature
1. Wireless ad-hoc sensor network requirements:
1.1. Large number of (mostly fixed) sensors: Apart from the deployment of sensors on the ocean surface or the use of mobile, unmanned, robotic sensors in military operations, most nodes in a smart sensor network are fixed. Networks of 10,000 or even 100,000 nodes are envisaged, so scalability is a major issue.
1.2. Low energy use: Since in many applications the sensor nodes will be placed in a remote area, servicing a node may not be possible. In this case, the lifetime of a node may be determined by the battery life, thereby requiring the minimization of energy expenditure.
1.3. Network self-organization: Given the large number of nodes and their potential placement in hostile locations, it is essential that the network be able to self-organize; manual configuration is not feasible. Moreover, nodes may fail (either from lack of and new nodes may join the network. Therefore, the network must be able to periodically reconfigure itself so that it can continue to function. Individual nodes may become disconnected from the rest of the network, but a high degree of connectivity must be maintained.
1.4. Collaborative signal processing: Yet another factor that distinguishes these networks from MANETs is that the end goal is detection/estimation of some events of interest, and not just communications. To improve the detection/estimation performance, it is often quite useful to fuse data from multiple sensors. This data fusion requires the transmission of data and control messages, and so it may put constraints on the network architecture.
1.5. Querying ability: A user may want to query an individual node or a group of nodes for information collected in the region. Depending on the amount of data fusion performed, it may not be feasible to transmit a large amount of the data across the network. Instead, various local sink nodes will collect the data from a given area and create summary messages. A query may be directed to the sink node nearest to the desired location.
2. OVERVIEW OF SECURITY ISSUES:
2.1. Attack and attacker:
An attack can be defined as an attempt to gain unauthorized access to a service, a resource or information, or an attempt to compromise the integrity, availability, or confidentiality of a system. Attackers, intruders or adversaries are the originators of an attack. A weakness in a system's security design, implementation, configuration or limitations that could be exploited by attackers is known as a vulnerability or flaw. Any circumstance or event (such as the existence of an attacker and vulnerabilities) with the potential to adversely impact a system through a security breach is called a threat, and the probability that an attacker will exploit a particular vulnerability, causing harm to a system asset, is known as risk.
2.2. Security requirements:
A sensor network is a special type of ad hoc network, so it shares some common properties with computer networks. The security requirements [2] [3] [4] of a wireless sensor network can be classified as follows:
2.2.1. Authentication: A WSN communicates sensitive data that feeds into many important decisions. The receiver needs to ensure that the data used in any decision-making process originates from the correct source. Similarly, authentication is necessary during the exchange of control information in the network.
2.2.2. Integrity: Data in transit can be changed by the adversaries. Data loss or damage can even occur without the presence of a malicious node due to the harsh communication environment. Data integrity is to ensure that information is not changed in transit, either due to malicious intent or by accident.
2.2.3. Data Confidentiality: Applications like surveillance of information, industrial secrets and key distribution need to rely on confidentiality. The standard approach for keeping confidentiality is through the use of encryption.
2.2.4. Data Freshness: Even if confidentiality and data integrity are assured, we also need to ensure the freshness of each message. Data freshness means that the data is recent, and it ensures that no old messages have been replayed. To ensure that no old messages are replayed, a time stamp can be added to the packet.
2.2.5. Availability: Sensor nodes may run out of battery power due to excess computation or communication and become unavailable. It may happen that an attacker may jam communication to make sensor(s) unavailable. The requirement of security not only affects the operation of the network, but also is highly important in maintaining the availability of the network.
2.2.6. Self-Organization: A wireless sensor network assumes that every sensor node is independent and flexible enough to be self-organizing and self-healing in different harsh environments. Due to the random deployment of nodes, no fixed infrastructure is available for WSN network management. Distributed sensor networks must self-organize to support multi-hop routing. They must also self-organize to conduct key management and build trust relations among sensors.
2.2.7. Time Synchronization: Most sensor network applications rely on some form of time synchronization. In order to conserve power, an individual sensor’s radio may be turned off periodically.
2.2.8. Secure Localization: The sensor network often needs location information accurately and automatically. However, an attacker can easily manipulate unsecured location information by reporting false signal strengths, replaying signals, etc.
2.3. Security classes:
Attacks on the computer system or network can be broadly classified [5] as interruption, interception, modification and fabrication (Figure 1).
2.3.1. Modification is an attack on integrity. Modification means an unauthorized party not only accesses the data but tampers with it, for example by modifying the data packets being transmitted or causing a denial of service attack such as flooding the network with bogus data.
2.3.2. Fabrication is an attack on authentication. In fabrication, an adversary injects false data and compromises the trustworthiness of the information relayed.
2.3.3. Interception is an attack on confidentiality. The sensor network can be compromised by an adversary to gain unauthorized access to a sensor node or the data stored within it.
2.3.4. Interruption is an attack on the availability of the network, for example physical capturing of the nodes, message corruption, insertion of malicious code etc.
2.4. Layering-based attacks and possible security approach:
Though there is no standard layered architecture of the communication protocol for wireless sensor networks, here we have summarized possible attacks and their security solution approaches in different layers with respect to the ISO OSI layers in table-2 [6][7].
Table-2. Layering-based attacks and possible security approach
Layer | Attacks | Security Approach
Physical Layer | Jamming and tampering | Use spread-spectrum techniques and MAC layer admission control mechanisms
Data Link Layer | Jamming and collision | Use error correcting codes and spread spectrum techniques
Network Layer | Packet drop, bogus routing information and tunnel | Authentication
Transport Layer | Injects false messages and energy drain attacks | Authentication
Application Layer | Attacks on reliability | Cryptographic approach
3. POSSIBLE ATTACKS ON WSN
Most of the routing protocols proposed for ad hoc and sensor networks are not designed to handle security related issues. Therefore there is a lot of scope for attacks on them. Different possible attacks [8]-[17] on the flow of data and control information can be categorized as follows:
3.1. Node replication attack
This is an attack in which the attacker tries to mount several nodes with the same identity at different places in the existing network. There are two methods for mounting this attack. In the first method, the attacker captures one node from the network, creates clones of the captured node and mounts them in different places in the network. In the second method, the attacker may generate a false identification of a node, then make clones of this node and mount them in different places in the network. These mounted clone nodes try to generate false data to disrupt the network. A node replication attack is different from a Sybil attack: in a Sybil attack a single node exists with multiple identities, but in a node replication attack multiple nodes are present with the same identity.
3.2. Black-hole attack
The black hole attack positions a node in range of the sink and attracts the entire traffic to be routed through it by advertising itself as the shortest route. The adversary drops packets coming from specific sources in the network. This attack can isolate certain nodes from the base station and creates a discontinuity in network connectivity. This attack is easier to detect than a sinkhole attack. This attack generally targets flooding-based protocols. Another interesting type of attack is homing. In a homing attack, the attacker looks at network traffic to deduce the geographic location of critical nodes, such as cluster heads or neighbours of the base station. The attacker can then physically disable these nodes. This leads to another type of black hole attack. This attack aims to block the traffic to the sink and to provide a better ground for launching other attacks such as data integrity or sniffing attacks. This attack can be prevented if we can prevent malicious nodes from joining the network. The network setup phase should be carried out in a secure way.
Fig 1: Security Classes
3.3. Energy drain attack
A WSN is battery powered and dynamically organized. It is difficult or impossible to replace or recharge sensor node batteries. Because there is a limited amount of energy available, attackers may use compromised nodes to inject fabricated reports into the network or generate a large amount of traffic in the network. Fabricated reports will cause false alarms that waste real world response efforts, and drain the finite amount of energy in a battery powered network. However, the attack is possible only if the intruder’s node has enough energy to transmit packets at a constant rate. The aim of this attack is to destroy the sensor nodes in the network, degrade the performance of the network and ultimately split the network grid and consequently take control of part of the sensor network by inserting a new sink node. To minimize the damage caused by this attack, fabricated reports should be dropped en-route as early as possible.
3.4. Data integrity attack
Data integrity attacks compromise the data travelling among the nodes in a WSN by changing the data contained within the packets or injecting false data. The attacker node must have more processing, memory and energy than the sensor nodes. The goals of this attack are to falsify sensor data and by doing so compromise the victim’s research. It also falsifies routing data in order to disrupt the sensor network’s normal operation, possibly making it useless. This is considered to be a type of denial of service attack. This attack can be defended against by adopting an asymmetric key system for encryption or by using digital signatures, but this requires a lot of additional overhead and is difficult to adapt to WSNs.
3.5. Sniffing attack
The sniffing attack is a good example of an interception or listen-in channel attack. In this attack an adversary node is placed in the proximity of the sensor grid to capture data. The collected data is transferred to the intruder by some means for further processing. This type of attack will not affect the normal functioning of the protocol. An outside attacker can launch this attack to gather valuable data from the sensors. Often this attack is related to military or industrial secrets. The attack is based on the inherent vulnerability of wireless networks of having an unsecured and shared medium. Sniffing attacks can be prevented by using proper encryption techniques for communication.
3.6. Acknowledgement spoofing
Several sensor network routing algorithms rely on implicit or explicit link layer acknowledgements. Due to the inherent broadcast medium, an adversary can spoof link layer acknowledgements for “overheard” packets addressed to neighbouring nodes. Protocols that choose the next hop based on reliability issues are susceptible to acknowledgement spoofing. This results in packets being lost when travelling along such links. The goal includes convincing the sender that a weak link is strong or that a dead or disabled node is alive. Since packets sent along weak or dead links are lost, an adversary can effectively mount a selective forwarding attack using acknowledgement spoofing by encouraging the target node to transmit packets on those links. Acknowledgement spoofing attacks can be prevented by using good encryption techniques and proper authentication for communication.
3.7. HELLO flood attack
Many protocols require nodes to broadcast HELLO packets for neighbour discovery, and a node receiving such a packet may assume that it is within (normal) radio range of the sender. A laptop-class attacker with large transmission power could convince every node in the network that the adversary is its neighbour, so that all the nodes will respond to the HELLO message and waste their energy. The result of a HELLO flood is that every node thinks the attacker is within one-hop radio communication range. If the attacker subsequently advertises low-cost routes, nodes will attempt to forward their messages to the attacker. Protocols which depend on localized information exchange between neighbouring nodes for topology maintenance or flow control are also subject to this attack. HELLO floods can also be thought of as one-way, broadcast wormholes. We can prevent this attack by verifying the bi-directionality of local links before using them; this is effective if the attacker possesses the same reception capabilities as the sensor devices. Another way is to use authenticated broadcast protocols.
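The bidirectional link check described in 3.7, as an added example that is not part of the original paper. The radio model (a frame is received when the receiver lies within the sender's transmit range, scaled by a hypothetical rx_gain factor), the node names and the coordinates are all constructed assumptions.

```python
import math
import secrets


class Radio:
    """A node in a constructed 2-D field (all values are assumptions)."""

    def __init__(self, name, pos, tx_range, rx_gain=1.0):
        self.name = name
        self.pos = pos
        self.tx_range = tx_range   # how far this node's frames carry
        self.rx_gain = rx_gain     # >1.0 models a more sensitive receiver


def hears(receiver, sender):
    """True when a frame sent by `sender` reaches `receiver`."""
    reach = sender.tx_range * receiver.rx_gain
    return math.dist(receiver.pos, sender.pos) <= reach


def hello_neighbours(node, radios):
    """Naive discovery: whoever's HELLO is heard is taken as a neighbour."""
    return sorted(r.name for r in radios if r is not node and hears(node, r))


def verified_neighbours(node, radios):
    """Accept a HELLO sender only after it echoes a fresh nonce that the
    node transmitted at its own (low) power."""
    verified = []
    for peer in radios:
        if peer is node or not hears(node, peer):
            continue                      # no HELLO heard from this peer
        nonce = secrets.token_bytes(8)    # probe sent at node's own power
        # The peer can only echo the nonce if the probe actually reached it.
        reply = nonce if hears(peer, node) else None
        if reply == nonce:
            verified.append(peer.name)
    return sorted(verified)


def constructed_field(attacker_rx_gain=1.0):
    """Three sensors with 10 m range and one high-power 'laptop' sender."""
    return [
        Radio("s1", (0.0, 0.0), tx_range=10.0),
        Radio("s2", (8.0, 0.0), tx_range=10.0),
        Radio("s3", (100.0, 0.0), tx_range=10.0),
        Radio("laptop", (60.0, 0.0), tx_range=500.0,
              rx_gain=attacker_rx_gain),
    ]


if __name__ == "__main__":
    field = constructed_field()
    s1 = field[0]
    print("HELLO only :", hello_neighbours(s1, field))
    print("verified   :", verified_neighbours(s1, field))
    # The caveat from the text: a sender with a much better receiver
    # still passes the link check, so authenticated broadcast is needed.
    strong = constructed_field(attacker_rx_gain=10.0)
    print("strong rx  :", verified_neighbours(strong[0], strong))
```

The last call shows why the text qualifies the defence: the check only removes senders that cannot hear the sensor's low-power probe.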
3.8. Wormhole attack
In this attack an adversary could convince nodes that would normally be multiple hops from a base station that they are only one or two hops away via the wormhole. The simplest case of this attack is to have a malicious node forwarding data between two legitimate nodes. Wormholes often convince distant nodes that they are neighbours, leading to quick exhaustion of their energy resources. An adversary situated close to a base station may be able to completely disrupt routing by creating a well-placed wormhole. Wormholes are effective even if routing information is authenticated or encrypted. This attack can be launched by insiders and outsiders. It can create a sinkhole: since the adversary on the other side of the wormhole can artificially provide a high quality route to the base station, potentially all traffic in the surrounding area will be drawn through her if alternate routes are significantly less attractive. When this attack is coupled with selective forwarding and the Sybil attack it is very difficult to detect. More generally, wormholes can be used to exploit routing race conditions. A routing race condition typically arises when a node takes some action based on the first instance of a message it receives and subsequently ignores later instances of that message. The goal of this attack is to undermine cryptographic protection and to confuse the sensor network’s protocols. We can prevent this by avoiding routing race conditions. The solution requires clock synchronization and accurate location verification, which may limit its applicability to WSNs.
3.9. Sybil attack
Most protocols assume that nodes have a single unique identity in the network. In a Sybil attack, an attacker can appear to be in multiple places at the same time. This can be made convincing by creating fake identities of nodes located at the edge of communication range. Multiple identities can be occupied within the sensor network either by fabricating or stealing the identities of legitimate nodes. Sybil attacks can pose a significant threat to geographic routing protocols. Location aware routing often requires nodes to exchange coordinate information with their neighbours to construct the network. So it expects nodes to be present with a single set of coordinates, but by using the Sybil attack an adversary can ‘‘be in more than one place at once’’. Since identity fraud leads to the Sybil attack, proper authentication can defend against it.
3.10. Sinkhole attack
In a sinkhole attack, the adversary tries to attract nearly all the traffic from a particular area through a compromised node. A compromised node which is placed at the centre of some area creates a large “sphere of influence”, attracting all traffic destined for a base station from the sensor nodes. The attacker targets a place to create the sinkhole where it can attract the most traffic, possibly closer to the base station so that the malicious node could be perceived as a base station. The main reason sensor networks are susceptible to sinkhole attacks is their specialized communication pattern. It may be extremely difficult for an adversary to launch such an attack in a network where every pair of neighbouring nodes uses a unique key to initialize frequency hopping or spread spectrum communication. Sinkholes are difficult to defend against in protocols that use advertised information such as remaining energy or an estimate of end-to-end reliability to construct a routing topology, because this information is hard to verify.
3.11. Selective forwarding attack
The multi-hop mode of communication is commonly preferred in wireless sensor network data gathering protocols. Multi-hop networks assume that participating nodes will faithfully forward and receive messages. However, a malicious node may refuse to forward certain messages and simply drop them, ensuring that they are not propagated any further. This attack can be detected if packet sequence numbers are checked properly and continuously in a congestion-free network. Adding a data packet sequence number to the packet header can reduce this attack.
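The sequence-number check from 3.11, written out as a sink-side monitor. This is an added example, not code from the paper. It assumes a 16-bit sequence field, a routing tree known to the sink (the hypothetical PARENT map), and a constructed packet trace; the loss threshold stands in for the text's "congestion-free" condition.

```python
from collections import defaultdict

SEQ_MOD = 1 << 16  # assumption: 16-bit sequence number in the packet header


class GapMonitor:
    """Sink-side record of which sequence numbers arrived from each source."""

    def __init__(self):
        self.first = {}                 # first sequence number seen
        self.last = {}                  # highest (unwrapped) number seen
        self.seen = defaultdict(set)    # unwrapped numbers received

    def observe(self, src, seq):
        if src not in self.last:
            self.first[src] = self.last[src] = seq
            self.seen[src].add(seq)
            return
        last = self.last[src]
        # Unwrap the 16-bit counter: pick the value closest to `last`,
        # so reordered packets and counter wrap-around are both handled.
        delta = (seq - last) % SEQ_MOD
        if delta >= SEQ_MOD // 2:
            delta -= SEQ_MOD
        unwrapped = last + delta
        self.seen[src].add(unwrapped)   # a set, so duplicates are harmless
        self.last[src] = max(last, unwrapped)

    def expected(self, src):
        return self.last[src] - self.first[src] + 1

    def loss_ratio(self, src):
        got = sum(1 for s in self.seen[src] if s >= self.first[src])
        return 1.0 - got / self.expected(src)


def forwarders(parent, src, sink="sink"):
    """Nodes that relay src's packets, nearest to src first."""
    hops, node = [], parent[src]
    while node != sink:
        if node in hops:
            raise ValueError("routing loop in parent map")
        hops.append(node)
        node = parent[node]
    return hops


def analyse(monitor, parent, threshold=0.2, min_expected=10):
    """Return (lossy sources, forwarders common to every lossy path).

    The common forwarders are where to look first; gaps alone do not
    prove which of them is dropping, or that the loss is malicious.
    """
    lossy = sorted(s for s in monitor.last
                   if monitor.expected(s) >= min_expected
                   and monitor.loss_ratio(s) > threshold)
    if not lossy:
        return lossy, []
    common = set.intersection(*(set(forwarders(parent, s)) for s in lossy))
    ordered = [h for h in forwarders(parent, lossy[0]) if h in common]
    return lossy, ordered


# Constructed topology: sink <- A <- B <- C <- D, and sink <- A <- E.
PARENT = {"A": "sink", "B": "A", "C": "B", "D": "C", "E": "A"}


def constructed_trace():
    """B and E deliver (E loses one packet); C and D lose 40 percent."""
    m = GapMonitor()
    for seq in range(50):
        m.observe("B", seq)
        if seq != 17:
            m.observe("E", seq)
        if seq % 5 not in (1, 3):
            m.observe("C", seq)
            m.observe("D", seq)
    return m


if __name__ == "__main__":
    mon = constructed_trace()
    print(analyse(mon, PARENT))
```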
3.12. Spoofed, altered, or replayed routing information
This is the most common direct attack against a routing protocol. This attack targets the routing information exchanged between the nodes. Adversaries may be able to create routing loops, attract or repel network traffic, extend or shorten source routes, generate false error messages, partition the network, and increase end-to-end latency. The standard solution for this attack is authentication, i.e., routers will only accept routing information from valid routers.
4. POSSIBLE ATTACKS ON EXISTING PROTOCOLS:
Depending on the network architecture and the information used while taking routing decisions, routing protocols in WSNs can be classified into flat-based routing, hierarchical-based routing, location-based routing, and network flow or quality of service (QoS) aware routing. In flat-based routing, all nodes are assigned equal roles. In hierarchical-based routing, nodes play different roles in the network. In location-based routing, sensor nodes are addressed by their locations. Location-based routing protocols are well suited to sensor networks where there is little or no mobility. The classes of routing protocols and possible attacks are shown in table-3.
5. PROBLEMS WITH AD-HOC WSN:
In order to discuss WSN security problems in general, some further justification is necessary.
5.1. Secure routing: Secure routing in networks such as the Internet has been extensively studied [18]-[23]. Many proposed approaches are also applicable to secure routing in ad hoc networks. To deal with external attacks, standard schemes such as digital signatures to protect information authenticity and integrity have been considered. For example, Sirois and Kent [21] propose the use of a keyed one-way hash function with windowed sequence number for data integrity in point-to-point communication and the use of digital signatures to protect messages sent to multiple destinations. Perlman [18] studies how to protect routing information from compromised routers in the context of Byzantine robustness. The study analyzes the theoretical feasibility of maintaining network connectivity under such assumptions. Kumar [19] recognizes the problem of compromised routers as a hard problem, but provides no solution. Other works [20]-[22] give only partial solutions. The basic idea underlying these solutions is to detect inconsistency using redundant information and to isolate compromised routers.
Table 3. Class of routing protocols and possible attacks
Protocol | Possible Attacks
 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12
Location-Based | × | √ | √ | × | √ | √ | √ | √ | √ | × | √ | ×
Flat Based Routing | √ | √ | √ | √ | √ | × | √ | √ | √ | √ | × | ×
Network flow and QoS-aware | √ | √ | √ | √ | √ | √ | √ | √ | × | √ | √ | ×
Hierarchical | √ | √ | √ | √ | √ | √ | √ | √ | √ | √ | √ | √
1. Node replication attack, 2. Black hole, 3. Energy drain, 4. Data integrity, 5. Sniffing, 6. Acknowledgement spoofing, 7. HELLO flood, 8. Wormhole, 9. Sybil, 10. Sink hole, 11. Selective forward, 12. Spoofed altered.
For example, in [22], where methods to secure distance-vector routing protocols are proposed, extra information of a predecessor in a path to a destination is added into each entry in the routing table. Using this piece of information, a path-traversal technique (by following the predecessor link) can be used to verify the correctness of a path. Such mechanisms usually come with a high cost and are avoided (e.g., in [20]) because routers on networks such as the Internet are usually well protected and rarely compromised.
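A keyed one-way hash with a windowed sequence number, as mentioned in 5.1, also covers the authentication, integrity and freshness requirements of 2.2. The following is an added illustration, not the scheme of [21] and not code from the paper: it uses HMAC-SHA256 truncated to 8 bytes, and the frame layout (2-byte source, 4-byte sequence number, payload, tag) and the 32-entry window are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8    # assumption: truncated tag to suit small radio frames
WINDOW = 32    # assumption: how far behind the newest number we still accept
HDR = struct.Struct(">HI")   # source id (16 bit), sequence number (32 bit)


def seal(key, src, seq, payload):
    """Sender side: header || payload || truncated HMAC over both."""
    header = HDR.pack(src, seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class Receiver:
    """Verifies the tag first, then applies a sliding anti-replay window."""

    def __init__(self, keys):
        self.keys = keys      # source id -> shared key
        self.highest = {}     # source id -> highest accepted sequence number
        self.bitmap = {}      # bit i set => (highest - i) already accepted

    def accept(self, frame):
        if len(frame) < HDR.size + TAG_LEN:
            return "malformed"
        header = frame[:HDR.size]
        payload = frame[HDR.size:-TAG_LEN]
        tag = frame[-TAG_LEN:]
        src, seq = HDR.unpack(header)
        key = self.keys.get(src)
        if key is None:
            return "unknown-source"
        want = hmac.new(key, header + payload,
                        hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, want):
            return "bad-tag"          # forged or modified in transit
        # Window state changes only after authentication, so a forged
        # frame with a huge sequence number cannot lock out real traffic.
        hi = self.highest.get(src)
        if hi is None:
            self.highest[src], self.bitmap[src] = seq, 1
            return "ok"
        if seq > hi:
            shift = seq - hi
            if shift >= WINDOW:
                self.bitmap[src] = 1
            else:
                mask = (1 << WINDOW) - 1
                self.bitmap[src] = ((self.bitmap[src] << shift) | 1) & mask
            self.highest[src] = seq
            return "ok"
        offset = hi - seq
        if offset >= WINDOW:
            return "stale"            # too old to tell replay from delay
        if (self.bitmap[src] >> offset) & 1:
            return "replay"
        self.bitmap[src] |= 1 << offset   # late but new: accept once
        return "ok"


if __name__ == "__main__":
    key = b"\x01" * 16                # constructed demo key
    rx = Receiver({7: key})
    frame = seal(key, 7, 1, b"temp=21")
    print(rx.accept(frame), rx.accept(frame))   # ok replay
```

The window tolerates the reordering that multi-hop forwarding produces while still rejecting any frame seen before, which a bare "sequence number must increase" rule cannot do.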
5.2. Replicated secure services: The concept of distributing trust to a group of servers is investigated by Reiter [24]. This is the foundation of the Rampart toolkit [25]. Reiter and others [26] have successfully used the toolkit in building a replicated key management service, which also employs threshold cryptography. One drawback of Rampart is that it may remove correct but slow servers from the group. Such removal renders the system at least temporarily more vulnerable. Membership changes are also expensive. For these reasons, Rampart is more suitable for tightly coupled networks than for ad hoc networks. Gong [27] applies trust distribution to Key Distribution Center (KDC), the central entity responsible for key management in a secret key infrastructure. In his solution, a group of servers jointly act as a KDC with each server sharing a unique secret key with each client. In [28], Malkhi and Reiter present Phalanx, a data repository service that tolerates Byzantine failures in an asynchronous system. The essence of Phalanx is a Byzantine quorum system [29]. In a Byzantine quorum system, servers are grouped into quorums satisfying a certain intersection property. The service supports read and write operations and guarantees that a read operation always returns the result of the last completed write operation. Instead of requiring each correct server to perform each operation, the service performs each operation on only a quorum of servers. However, this weak consistency among the servers suffices to achieve the guarantee of the service because of the intersection property of Byzantine quorum systems. In [30], Castro and Liskov extend the replicated state-machine approach [31] to achieve Byzantine fault tolerance. They use a three-phase protocol to mask away disruptive behavior of compromised servers. A small portion of servers may be left behind, but can recover by communicating with other servers. 
None of the systems provide mechanisms to defeat mobile adversaries and to achieve scalable adaptability. The latter two solutions do not consider how a secret (a private key) is shared among the replicas. However, they are useful in building highly secure services in ad hoc networks. For example, we could use Byzantine quorum systems to secure a location database [32] for an ad hoc network.
Conclusions:
Security in sensor networks has been an increasingly important issue for individuals and groups in both academia and industry working in this fast growing research area. Many factors contribute to the fact that security in WSNs is far more challenging than security in traditional networks. WSNs have inherent resource and computing constraints. WSNs operate on an insecure transmission medium. WSNs are often deployed in unattended, insecure environments. The challenges facing WSN designers express the necessity of integrating security into every component of a WSN. Hence, there is a need for further research into this new area as it poses some unique challenges of its own. The issues presented are crucial for the future implementation of wireless sensor networks.
References:
[1] C. Perkins, “Ad Hoc Networks”, Addison-Wesley, Reading, MA, (2000).
[2] Yoneki, E. and Bacon, J. “A survey of Wireless Sensor Network technologies: research trends and middleware’s role”, technical report, (2005).
[3] Walters, J. P., Liang, Z., Shi, W., and Chaudhary, V. “Wireless sensor network security - a survey”, Security in Distributed, Grid, Mobile, and Pervasive Computing, (2007).
[4] Fernandes, L. L. “Introduction to Wireless Sensor Networks Report”, University of Trento, (2007).
[5] Stallings, W. Cryptography and Network Security Principles and Practice, Cryptography Book, 2nd Edition, Prentice- Hall, 0-13-869017-0, (2000).
[6] Saxena, M. “Security in Wireless Sensor Networks – A Layer based classification”, Technical Report [CERIAS TR 2007-04], Center for Education and Research in Information Assurance and Security - CERIAS, Purdue University, (2007).
[7] Zia, T. A. “A Security Framework for Wireless Sensor Networks”, (2008).
[8] Kaplantzis, S. “Security Models for Wireless Sensor Networks”, (2006).
[9] Sohrabi, K., Gao, J., Ailawadhi, V., and Pottie, G. J. “Protocols for Self- Organization of a Wireless Sensor Network”, IEEE Personal Communications, pp. 16-27, (2000).
[10] Woo, A. and Culler, D. “A Transmission Control Scheme for Media Access in Sensor Networks”, Proceedings of the Seventh Annual ACM/IEEE International Conference on Mobile Computing and Networking, (2001).
[11] Shih, E., Cho, S., Ickes, N., Min, R., Sinha, A., Wang, A. and Chandrakasan, A. “Physical layer driven protocol and algorithm design for energy-efficient wireless sensor networks”, Proceedings of the 7th Annual International Conference on Mobile Computing and Networking, Rome, Italy, pp. 272-287, (2001).
[12] Shen, C., Srisatjapornphat, C., and Jaikaeo, C. “Sensor Information Networking Architecture and Applications”, IEEE Pers. Communication, pp. 52–59, (2001).
[13] Committee on National Security Systems (CNSS) National Information Assurance Glossary, NSTISSI, No. 4009, (2006).
[14] Wood, A. and Stankovic, J. A. “Denial of Service in Sensor Networks”, IEEE Computer, 35(10):54-62, (2002).
[15] Siahaan, I. and Fernandes, L. “Secure Routing in Wireless Sensor Networks”, University of Trento, (2008).
[16] Dimitrievski, A., Stojkoska, B., Trivodaliev, K. and Dacev, D. “Securing communication in WSN trough use of cryptography”, NATO-ARW, Suceava, (2006).
[17] Parno, B., Perrig, A. and Gligor, V. “Distributed Detection of Node Replication Attacks in Sensor Networks”, Proceedings of the IEEE Symposium on Security and Privacy (S&P’05), (2005).
[18] R. Perlman. Network Layer Protocols with Byzantine Robustness. PhD thesis, Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, 1988.
[19] B. Kumar. Integration of security in network routing protocols. SIGSAC Reviews, 11(2):18–25, (1993).
[20] S. Murphy and J. J. Garcia-Luna-Aceves. An efficient routing algorithm for mobile wireless networks. MONET, 1(2):183–197, October (1996).
[21] K. E. Sirois and S. T. Kent. Securing the Nimrod routing architecture. In Proceedings of Symposium on Network and Distributed System Security, pages 74–84, Los Alamitos, CA, February (1997).
[22] B. R. Smith, S. Murphy, and J. J. Garcia-Luna-aceves. Securing distance-vector routing protocols. In Proceedings of Symposium on Network and Distributed System Security, pages 85–92, Los Alamitos, CA, February (1997).
[23] R. Hauser, T. Przygienda, and G. Tsudik. Lowering security overhead in link state routing. Computer Networks, 31(8):885–894, April (1999).
[24] M. K. Reiter. Distributing trust with the Rampart toolkit. Communications of the ACM, 39(4):71–74, April (1996).
[25] M. K. Reiter. The Rampart toolkit for building high-integrity services. In K. P. Birman, F. Mattern, and A. Schiper, editors, Theory and Practice in Distributed Systems, International Workshop, Dagstuhl Castle, Germany, September 5–9, 1994, Selected Papers, volume 938 of Lecture Notes in Computer Science, pages 99–110. Springer, (1995).
[26] M. K. Reiter, M. K. Franklin, J. B. Lacy, and R. N. Wright. The key management service. Journal of Computer Security, 4(4):267–297, (1996).
[27] L. Gong. Increasing availability and security of an authentication service. IEEE Journal on Selected Areas in Communications, 11(5):657–662, June (1993).
[28] D. Malkhi and M. Reiter. Secure and scalable replication in Phalanx. In Proceedings of the 17th Symposium on Reliable Distributed Systems, pages 51–58, West Lafayette, IN USA, October 20–22, (1998).
[29] D. Malkhi and M. Reiter. Byzantine quorum systems. Distributed Computing, 11(4):203–213, (1998).
[30] M. Castro and B. Liskov. Practical Byzantine fault tolerance. In Proceedings of the 3rd USENIX Symposium on Operating System Design and Implementation (OSDI’99), pages 173–186, New Orleans, LA USA, February 22–25, (1999).
[31] F. B. Schneider. Implementing fault-tolerant services using the state machine approach: A tutorial. ACM Computing Surveys, 22(4):299–319, December (1990).
[32] Z. J. Haas and B. Liang. Ad hoc mobility management using quorum systems. IEEE/ACM Transactions on Networking, (1999).
Received on 07.06.2011 Accepted on 15.07.2011
Int. J. Tech. 1(2): July-Dec. 2011; Page 55-61